So, quite a serious pair of bugs in OpenSSH were discovered. As I disabled the (undocumented) feature in my ~/.ssh/config file, I noticed a tweet by Filippo Valsorda telling me to try ssh whoami.filippo.io.

The server he runs is one he had written back in August . And as I had the ForwardAgent functionality enabled by default, it warned me for the dangers of doing this. I was completely unaware of the dangers of this feature.

While looking at the code of Filippo's custom SSH server, I found some tips at the bottom of the README . I opened my config, and realized I didn't want to do this. I currently have close to 40 hosts configured in my ~/.ssh/config file, most of them to simply type short names for the hosts I connect to more often. And Filippo advised me to add at least two lines for each of them:

Host example.com
    PubkeyAuthentication yes
    IdentityFile ~/.ssh/id_rsa

I would have to add those last two lines nearly 40 times over. Additionally, I wanted to enable ControlMaster (with ControlPath and ControlPersist) and keepalive. This brought the original 2 or 3 lines per host up to 8 or 9. So I built something to generate the configuration file for me.

ssh-config-template

The tool I built, called ssh-config-template looks at a folder containing a number of subfolders. For each subfolder it applies data from the hosts.json file to the template, and writes it all to ~/.ssh/config. This way

Want to try it too? There's some (admittedly poor) instructions in the github repo